Detection and Response Engineer

Responsibilities

• Investigating security events across the organization using experience in log analysis, digital forensics, or malware analysis.
• Creating, deploying and maintaining high signal threat detections based on threat actor TTPs.
• Architecting a highly scalable incident response process by developing, applying and refining automation for Incident Response life cycle steps.
• Coordinating multi-functional incident response during security incidents, assisting partner teams during non-security incidents.
• Researching new detection mechanisms for attack vectors and techniques relevant to our space and presenting findings to internal and external audiences.
• Evaluating external tooling, developing new automation and tooling.
• Helping to rapidly scale the team, maturing tooling, best practices, engineering processes, and hiring.

Qualifications

• 5+ years experience in Detection and Response (Detection Engineering, Digital Forensics, Incident Response, and/or Threat Intelligence).
• Strong communicator with both words and data to a wide variety of stakeholders under varying conditions.
• Experience as an incident responder leading multi-team incidents.
• Technical innovation skills, finding technical solutions, learning new technology, evangelizing security and privacy.
• Ability to move forward major projects in ambiguous situations through influence.
• Practical experience with attacker tactics, techniques, and procedures (TTPs).
• Comfortable with complexity short-term but building towards simplicity long-term.
• Experience with cloud environments and automation.
• Relevant development experience in at least one scripting language, preferably Python.